persona-logo
Back to identity glossary

What is digital identity?

Digital identity is a group of data points — information, attributes, credentials, behaviors, and more — that together represent an individual, business, device, or other entity in a digital space. 

A digital identity is like a file that contains everything you know about a person’s digital footprint. If a person needs to prove digitally that they are who they say they are, they can present you with a piece of information or evidence (or usually multiple pieces of evidence), which you can then compare against what’s contained in the file. 

As more and more products and services move online, digital identities are a crucial part of interacting with the web, for example, when:

  • A student logs into an online learning platform to complete an exam

  • An individual wants to open an individual retirement account (IRA) or other retirement account with an investment firm

  • An employee needs to log into their company email

  • A user takes the plunge and signs up for online dating

Digital identity vs. digital ID

While the terms digital identity and digital IDs sound similar and are sometimes used interchangeably, they’re actually different concepts. 

A digital identity is a set of identifying data points that can be used to represent or verify a person’s identity online. A digital ID, on the other hand, is an electronic identification document (ID) meant to replace a physical ID. A mobile driver’s license (mDL), digital driver’s license (dDL), electronic IDs (eIDs), and e-passports can all be considered examples of digital IDs. 

Importantly, digital IDs can be used to establish and verify a person’s digital identity. 

Digital identity vs. user

While users and digital identities are related, they are not the same. 

A user is somebody that opens an account in order to access and interact with a specific platform or system — for example, a social media platform or an online marketplace. Another way to think about it is that a user is somebody who opens an account and establishes a digital identity, while a digital identity contains all of the data you know about a specific person.

Digital identity vs. account

Likewise, it can be easy to conflate a digital identity with an account — but again, they are not the same.

An account is essentially a portal through which a user is allowed to interact with a platform or system. They are typically secured via login credentials: a username, password, and potentially security questions or multi-factor authentication settings which are used to gain access to the account. An account can be tied to a digital identity, but it does not make up the entirety of that identity. 

Why is digital identity important?

Ultimately, the importance of digital identities is that they allow a business or organization to know who somebody is and whether or not they should have access to a particular platform, service, or account. They’re essential not just for authentication purposes, but for a variety of other purposes as well:

  • Compliance: Businesses operating in a number of industries — like banking, financial services, and online marketplaces — are required to verify the identities of all or some of their users. Digital identities make this verification possible in a remote setting. 

  • Anti-fraud measures: Once a digital identity has been established, it can be used to evaluate accounts and transactions for fraud, empowering you to spot and eliminate potential account takeovers and other fraud vectors.

  • Friction control: The more attributes a digital identity contains, the more flexibility you have in controlling friction around logins. For example, imagine that you have established a particular device as a trusted device for login purposes for your user. When a user logs in again in the future, if you detect this device, you may choose to offer an easier, lower-friction means of authentication. 

What’s included in a digital identification?

The data points, attributes, and other characteristics that are included in a digital identity will vary depending on use case as well as the type of identity that is being established. 

For individuals, a digital identity will often include things like:

  • Name

  • Date of birth

  • Social Security number

  • ID numbers (driver’s license, passport)

  • Fingerprints

  • Selfies

  • Voiceprints

  • Login credentials

  • Answers to security questions

  • Email addresses

  • Social media profiles

  • Bank account numbers 

  • Debit and credit card numbers

  • PINs

  • IP addresses

  • Geolocation data

  • Other personally identifiable information (PII)

Depending on the setting, it can also include things like an individual’s browsing history, transaction data, and more.

For businesses and other entities, it may include:

  • Business registration numbers

  • Taxpayer identification number (TIN)

  • Employer identification number (EIN)

  • Value-Added Tax (VAT) number

  • Corporate email addresses

  • Corporate social media handles and profiles

  • Corporate domain names

  • Bank account numbers

  • Debit and credit card numbers

  • Geolocation data

Other identifying information, such as customer account numbers and vendor codes — as well as fingerprints, selfies, and login credentials tied to an organization’s executives — can also form part of an entity’s digital identity. 

Finally, for devices, it can include attributes like:

  • IP addresses

  • Device fingerprints

  • Browser fingerprints

  • Security certificates

  • Geolocation

  • API keys

  • Serial numbers

  • International Mobile Equipment Identity (IMEI) numbers

  • Mobile Equipment Identifier (MEID)

  • NFC or RFID tags

Types of digital identity

We can segment digital identities in a number of different ways. For example, based on how they are established. Under this framework, we have the following types of digital identity:

  • Account-based digital identities, which are established when an individual creates an account and uses that account to access a platform, content, or services

  • Document-based digital identities, which are established by and linked to a government-issued ID, like a driver’s license, passport, or digital ID

  • Biometric digital identities, which are tied to an individual’s biometric information, such as their fingerprint, voiceprint, or selfie

  • Credential-backed digital identities, which are tied to a person’s login information, including their username, passport, and answers to security questions

  • Email-backed digital identities, which are tied to a person’s email or single sign-on (SSO) to access a variety of accounts around the web

  • Device-based digital identities, which are tied to a person’s device (smartphone, computer, security keyfob, etc.) 

  • Social media-based digital identities, which are linked to a person’s social media presence across a variety of different platforms and profiles

  • Payment-based digital identities, which are established by a person’s payment information, such as their debit card, credit card, or digital payment information

Frequently asked questions

What is digital identity verification?

Toggle description visibility

Digital identity verification is the process of confirming a person is who they say they are, using digitally-available information in a remote setting. This can include information provided directly from the individual, such as answers to questions, government-issued IDs, selfies, and information from online sources like a social media profile. 

Keep learning: Why you need a digital verification system for your business

What is digital identity management?

Toggle description visibility

Digital identity management (DIM) is the set of processes a business uses to ensure proper access of its systems. It includes initial verification of a person’s digital identity as well as subsequent maintenance of their information (i.e., keeping up-to-date records). As a concept, it is closely related to the idea of identity and access management (IAM)

What is digital identity theft?

Toggle description visibility

Digital identity theft, or online identity theft, is when a fraudster steals a person’s identity using information that is available online. A fraudster may, for example, take information and photos from a person’s social media profiles in order to impersonate them. It can also include instances where a bad actor actually takes control over a person’s online account and uses it to make unauthorized purchases or engage in some other form of fraud. 

Keep learning: Red Flags Rule: Your business’s role in preventing identity theft

What is digital identity protection?

Toggle description visibility

Digital identity protection refers to the steps and measures that you put in place to secure a digital identity from inappropriate access or use. It can include a variety of measures. As a business or platform owner, you can increase the protection of your users’ digital identities with measures like:

  • Encouraging users to use a unique password to engage with your platform

  • Forbidding the use of common or easy-to-guess passwords

  • Requiring users to routinely update or change their passwords

  • Verifying identities during the account creation process

  • Reverifying identities during high-risk moments, such as when a user tries to change key account information or engage in a purchase

  • Using data science techniques like link analysis to identify suspiciously connected accounts that may be fraudulent